How to create an alert view with NOT INCLUDING alerts from specific site?
Hi, does anyone have a working solution for creating an alert view which would filter alerts so that all alerts would be shown except ones from "Sitename = HQ"? I am aware that it is very easy to create an alert view which shows alerts with "Sitename = HQ", but this is the exact opposite. Also, it would resolve this issue if I could add the Sitename property to a normal management server. I know that the sitename attribute resides in the SQL database for GWs, but I have not tested yet if it is possible to add one for a management server (manually, directly to the DB). I am quite sure that would not be supported either. Thanks for all ideas to get around this problem!
-Tero
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
December 21st, 2010 8:26am

If sites map to subnets, you could perhaps group computers based on IP address and then alert based on custom groups: "Dynamic Group Population by Subnet(s) in SCOM 2007 - Advanced Formula Examples"
Pete Zerger, MVP-OpsMgr and SCE | http://www.systemcentercentral.com
December 21st, 2010 9:55am

Thanks Pete for the reply. I believe that is not the solution as that will not get all the members required to the group. I mean not all the alerts will be created by Windows computer objects but perhaps IISs, SQL Servers, network devices, ESX hosts and the list goes on. Due to the amount of servers (several hundreds) with several naming standards and A LOT of IP ranges, I think grouping would be impossible to handle in the long term. I have registry keys in place in all of the monitored computers so I can group them by the registry value, but I am not able to do it by the requirements stated in my first post. I will still test your suggestion to see if the Windows computer object will also include all the alerts created by the objects descending from Windows computer. Haven't played a lot with the views yet, but I guess there's a first time for everything ;)
-Tero
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
December 21st, 2010 11:17am

What is the target type of the Alert View (Show Data related to ____)? Is it Management Servers?
Michael Pearson OpsMgr Performance Test Team http://blogs.technet.com/michaelpearson/ This posting is provided "AS IS" with no warranties, and confers no rights. Use of attachments are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
December 21st, 2010 1:53pm

Hi Tero, try to use a regexp for that: From a specific Site = [^(SiteName that you want to exclude)]
HTH
http://OpsMgr.ru/
December 22nd, 2010 10:15am

Michael: show data related to entity. Goal is to show all alerts except ones coming from a specific site.
Alexey: I played with the view creation, but it seems that you can only use SQL wildcards % and _ in the query. Therefore there is no "not" operator. Regular expressions don't seem to work either.
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
December 22nd, 2010 7:00pm

I went all the way to check how the filter is saved to the OperationsManager DB and where the information exactly is. All the views in the monitoring tab can be found via the SQL view dbo.ViewsView. The ConfigurationXml column in the view has the information on how to filter the view in SCOM. At the moment I was able to pick out how Sitename is defined in the ConfigurationXml column. It's like this: "<Criteria><Site>Testsite</Site></Criteria>". Right now I am still unaware how/where that XML is afterwards used so I am unable to figure this one out fully yet. This is probably the hard way, all other suggestions are very welcome!
-Tero
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
December 22nd, 2010 7:43pm

Tero, like you mention, the SQL query that is generated adds a "%" to whatever you put into your filter criteria. Unfortunately, a "not" filter doesn't exist. The only way we've gotten customers around this in the past was to turn the logic around completely. This isn't the easiest solution, but it can sometimes work. Instead of "SiteName Not like <site to exclude>" try "SiteName like <Site 1> or <Site 2> or <Site 3>" until you have all of the sites listed. This is not ideal, but it should work for you. Be careful as you add sites though, since you'd need to add that site to this list to get the alerts!
Michael Pearson OpsMgr Performance Test Team http://blogs.technet.com/michaelpearson/ This posting is provided "AS IS" with no warranties, and confers no rights. Use of attachments are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
December 24th, 2010 1:01pm

Thanks for the response Michael. However... :) There still is the issue that we have agents connected to normal management servers and those do not have the Sitename attribute defined. And as far as I know, it is still not supported in any way by Microsoft. So I am still unable to resolve the problem with the suggested workaround. I think I am going to investigate more to set normal management servers the Sitename attribute in a test environment.
-Tero
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
December 29th, 2010 5:59am

I totally agree that we need a NOT clause for alert views! I was totally unaware of this Site concept. We have GWs but they do not set the Site property for alerts (coming from computers managed by GWs). You could probably use a notification channel (triggering a command) to set the site on alerts not having one defined, or use Orchestrator (Opalis) to do the same. Or some other mechanism.
/Roger
This posting is provided "AS IS" with no warranties, and confers no rights.
April 14th, 2011 8:01am

Perhaps going back to before... You mention that it is easy to create the group for HQ. And you want the opposite. You can create a group covering everything, except the members of the HQ group. That would give you the group of "everything else". Perhaps that will help you?
Bob Cornelissen - BICTT (My BICTT Blog)
April 18th, 2011 4:30am

I don't think you can resolve this issue with groups as what I want to achieve is to create a view that would show me all alerts coming from anywhere else except "site = HQ". This concerns alerts, not objects. Objects can be whatever as long as they are not in a certain site so what would I pick to the group?
-Tero
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
April 19th, 2011 6:44am

Hi Tero. Well, because the alerts are coming from objects in those other locations. So if you could group them together you can apply the filter. If you create a group containing all servers/devices in the HQ in some way, then you can create a group with all objects not belonging to the HQ group (exclude that group from the members). And you can create an alert view for all alerts coming from HQ and all alerts coming from the "rest" group.
Bob Cornelissen - BICTT (My BICTT Blog)
April 20th, 2011 1:46am

Hi Bob and thanks for the ideas. I agree it would work by selecting objects to a group if the world was perfect. BUT we are talking about hundreds of object types. If you were able to select objects like "this entity and all objects that have been created from the selected entity" then it might be possible, but unfortunately the world is not perfect - not even SCOM - I believe this is not possible. So then we are back to the start, not able to select all objects of different types, because there are too many of them to be controlled.
MCT | MCSE | MCITP | MCTS SCOM, SCCM, SCVMM, SCDPM
April 21st, 2011 6:30am

Hi Tero, I am not sure. But what I was talking about is to group all Servers in one group. This should automatically include all objects contained within that level (so websites and databases hosted on that box). This is the same as when you would use Site or IP range(s) to define the objects together as a group of entities. It all depends on the info you have available. For instance, for servers and network devices you can use the IP address to create groupings (Pete Zerger has a few posts on that). Or you could use SiteName if that is defined on those items. Next option would be to group servers and devices based on their naming convention. Windows servers on the basis of AD site name(s) is possible. And of course, like I suggested, there is also creating a group for HQ in some way and creating another one that contains the opposite, or actually directly creating not-contains or not-equals rules of some sort.

But again, normally you would use the top level objects here: Network Device, Windows Server, Unix Server. And those contain all objects below that level (websites/databases/exchange role/network adapter/whatever), so you should go for those top levels to bring those together. Most likely by one of the criteria I just mentioned: IP or AD site or sitename (through another way), naming convention, or picking the smallest group of objects and excluding that one from the larger group. These mostly should work automatically as well without manual changes all the time.

Other option left (and not funny with big numbers) is to create a Savision Live Map/List and quick select the objects and drop them all on the map or list. These options must bring you somewhere.
Bob Cornelissen - BICTT (My BICTT Blog)
April 21st, 2011 7:05am

This topic is archived. No further replies will be accepted.
